-Finished-
Detection of creation or modification of Scheduled Task with suspicious script, extension or user writable path. Attacker may create or modify Scheduled Task for execution of malicious code with a persistance. Detection focus at the same tine on the EventID 4688 with the process creation (SCHTASKS) and EventID 4698 for the Scheduled Task creation/modification event log.
-Finished- Detection of creation or modification of Scheduled Task with suspicious script, extension or user writable path. Attacker may create or modify Scheduled Task for execution of malicious code with a persistance. Detection focus at the same tine on the EventID 4688 with the process creation (SCHTASKS) and EventID 4698 for the Scheduled Task creation/modification event log.